Project author: m-mizutani

Project description:
CloudFormation templates of low interaction honeypot on AWS
Language: Python
Project URL: git://github.com/m-mizutani/aws-honeypot-templates.git
Created: 2019-02-02T05:00:44Z
Project community: https://github.com/m-mizutani/aws-honeypot-templates


AWS Honeypot Templates

[Figure: architecture]

Overview

This repository provides CloudFormation templates for a low-interaction honeypot on AWS.

How to deploy

Prerequisite

  • python >= 3.7
  • awscli >= 1.14.40

1) Setup backend

  $ aws cloudformation deploy \
      --template-file backend.yml \
      --stack-name <backend_stack_name> \
      --capabilities CAPABILITY_IAM

Required parameters

  • backend_stack_name: CloudFormation stack name (e.g. my-honeypot-backend)

To look up the physical resource ID of the DataStore resource in the backend stack:

  $ aws cloudformation describe-stack-resources --stack-name <backend_stack_name> | jq -r '.StackResources[] | select(.LogicalResourceId == "DataStore") | .PhysicalResourceId'

2) Setup sensor

  $ aws cloudformation deploy \
      --template-file sensor.yml \
      --stack-name <sensor_stack_name> \
      --capabilities CAPABILITY_IAM \
      --parameter-overrides \
      VpcId=<VpcId> \
      SubnetId=<SubnetId> \
      KeyName=<KeyName> \
      S3Bucket=<S3Bucket>

Required parameters

  • sensor_stack_name: CloudFormation stack name (e.g. my-honeypot-sensor)
  • VpcId: ID of the VPC that the new sensor instance will be connected to (e.g. vpc-1234xxxx)
  • SubnetId: ID of the subnet that the new sensor instance will be connected to (e.g. subnet-1234xxxx)
  • KeyName: name of the SSH key to put into the new sensor instance (e.g. default)
  • S3Bucket: name of the backend S3 bucket that stores pcap data (e.g. my-honeypot-backend-honeypot-logs)
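
The hand-off between steps 1 and 2, as an added example that is not part of the project's own code: it applies the same selection as the jq filter to describe-stack-resources output and builds the sensor deploy command from the result. It assumes the DataStore physical resource ID is the bucket name expected by S3Bucket; the sample JSON and the function names are constructed for illustration.

```python
import json
import shlex

# Constructed sample of `aws cloudformation describe-stack-resources` output,
# trimmed to the fields used here. Resource names, types and IDs are made up.
SAMPLE_RESOURCES = json.dumps({
    "StackResources": [
        {"LogicalResourceId": "LogTopic",  # hypothetical unrelated resource
         "PhysicalResourceId": "arn:aws:sns:ap-northeast-1:111111111111:example",
         "ResourceType": "AWS::SNS::Topic"},
        {"LogicalResourceId": "DataStore",
         "PhysicalResourceId": "my-honeypot-backend-honeypot-logs",
         "ResourceType": "AWS::S3::Bucket"},  # assumed to be an S3 bucket
    ]
})


def data_store_id(describe_output: str) -> str:
    """Same selection as the jq filter: PhysicalResourceId of DataStore."""
    resources = json.loads(describe_output).get("StackResources", [])
    ids = [r["PhysicalResourceId"] for r in resources
           if r.get("LogicalResourceId") == "DataStore"]
    if len(ids) != 1:
        # Fail loudly instead of deploying a sensor with an empty S3Bucket.
        raise LookupError(f"expected one DataStore resource, found {len(ids)}")
    return ids[0]


def sensor_deploy_argv(stack_name, vpc_id, subnet_id, key_name, bucket):
    """Build the step 2 command as an argument list (no shell interpolation)."""
    if not vpc_id.startswith("vpc-") or not subnet_id.startswith("subnet-"):
        raise ValueError("VpcId/SubnetId do not look like AWS resource IDs")
    return [
        "aws", "cloudformation", "deploy",
        "--template-file", "sensor.yml",
        "--stack-name", stack_name,
        "--capabilities", "CAPABILITY_IAM",
        "--parameter-overrides",
        f"VpcId={vpc_id}", f"SubnetId={subnet_id}",
        f"KeyName={key_name}", f"S3Bucket={bucket}",
    ]


if __name__ == "__main__":
    bucket = data_store_id(SAMPLE_RESOURCES)
    argv = sensor_deploy_argv("my-honeypot-sensor", "vpc-1234xxxx",
                              "subnet-1234xxxx", "default", bucket)
    print(" ".join(shlex.quote(a) for a in argv))
```

The argument list can be passed to subprocess.run as is, which avoids quoting problems if a parameter value contains shell metacharacters.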

3) Setup output module

  $ cd output/cwlogs/
  $ ./deploy.sh <region> <backend_stack_name> <output_stack_name> <code_s3_bucket> <code_s3_prefix>

Required parameters

  • region: AWS region in which to deploy the CloudFormation stack. If you have not specified a region, you can check your default region with aws configure get region. (e.g. ap-northeast-1)
  • backend_stack_name: backend stack name (e.g. my-honeypot-backend)
  • output_stack_name: Name of a new CloudFormation stack
  • code_s3_bucket: S3 bucket name to store Lambda code (e.g. some-other-bucket)
  • code_s3_prefix: S3 key prefix to store Lambda code. NOTE: a slash (/) will be appended to the end of the specified prefix automatically. (e.g. function)